This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4124 Views
  • 0 replies
  • 0 Likes

VPN SSL with LDAP Group fail

Hi team, I have a problem with a OS 3.1.9.If a try to configure VPN SSL with LDAP Groups, always I have the same error: Authentication failed: Invalid username or password.If I change the configuration to LDAP users, athentication and connection are perfect.What is the problem with LDAP Group? realy I need a solution with LDAP.I hope help me som...

ocampos by Not applicable
  • 2035 Views
  • 1 replies
  • 0 Likes

Resolved! DHCP Option 252 WPAD

Seeing since there is no support to push down client proxy settings via GP - does anyone know if we can set up a DHCP scope for SSL VPN clients that has/allows for option 252 WPAD support?ThanksRod

djrodb by L3 Networker
  • 8842 Views
  • 8 replies
  • 0 Likes

Is there any way to monitor the state of a Virtual Wire?

We are testing vwire behavior with link state pass through enabled in our lab where it is working properly, but there is very little information to use as indicators of a transition. Basically, all we can find in the log is the interface down message for the connection pulled. Is there any log or counter than can be viewed to tell that a virtua...

chrisp by L3 Networker
  • 4369 Views
  • 5 replies
  • 0 Likes

Global-protect clients not getting IPs

Hello,One of ours client upgraded netconnect (4.0.8) to global-protect 1.1.2 (4.1.2). In logs I can see that client is authenticated, but is not getting any IP. Communication is allowed so ipsec is not blocked. I've checked configuration at it seems fine. Client is getting the following error on the Client - Portal Error.In client logs I can...

Vulnerability profile including all signatures for specific application

Hi everyone, I've read through the Admin Guide and have done some searching in KnowledgePoint, but can't find the answer I'm looking for...Currently, in PANOS 4.1, in a Vulnerability profile, when one adds a rule, they can conditions to match signatures. We can provide a string to match on Threat Name, for example I could add a rule with 'ftp'...

Mack by L2 Linker
  • 3559 Views
  • 3 replies
  • 0 Likes

Still no way to set SPECIFIC threat exceptions???

I created this thread over a year ago...https://live.paloaltonetworks.com/message/3636#3636...is there still no more intuitive way to be more granular when it comes to creating threat exceptions? I'm still having the same problem I report at the bottom of that thread. For example...I need to create a rule to ignore Threat ID 12345. If I use th...

jambulo by L4 Transporter
  • 3776 Views
  • 4 replies
  • 0 Likes

Application bit-internal cannot be allowed.

How can I allow application bit-internal in my policy? This application is blocked by last rule (explicity block rule). I didn't see application bit-internal in my Object->application database and I can't use it in policy. We have PANOS 4.0.8 and application update 289-1268.

darkfibre by Not applicable
  • 4741 Views
  • 5 replies
  • 0 Likes

Trouble setting up Globalprotect

Hello,I'm tring for a week now to configure Global Protect. And have only been partially successful.My config is PanOS 4.1.1 and GP client 1.1.2 on PA 2050 Boxes. No GlobalProtect Licence.I encountered 2 Problems which I can't solve.1.I have configured LDAP to get the credentials from our AD server and got this part of the authentication working...

PA 5000 series users

Is anyone else running this new hardware platform besides my company? We are running into a huge amount of issues and I would like to know if it's just us or not.

Creating Zones (Sub-Zones) on PA-500

Hello,This question might sound very stupid, but never mind: I have a PA-500 configured which does a specific job which does layer 3 and that requires creating a lot of zones in-order to differentiate the traffic ( as per my understanding, zones are defined for differentiating between traffic. If my thinking is wrong, please correct me). Sinc...

SSL Over-Ride Page

Hi,Anyone had any luck with getting the SSL URL Over-ride page to display without a certificate error?If I have 'transparent' mode enabled for this function I get a certificate error (it appears to replace my URL with the IP address, port 6083, which doesn;t relate to the cert used).If I try redirect (to a Layer 3 interface on the PA as describe...

apackard by L4 Transporter
  • 2057 Views
  • 1 replies
  • 0 Likes

Virtual Routers as High Availability

We have a less critical PA firewall system connected to an HSRP pair on the internal interface and an HSRP pair on the external interface.What is the best way to configure these systems to ensure the most availability of the routes so traffic can continue to flow through the Palo Alto if one of the HSRPs fail over?My thought is to use a second v...

blogspot.com application

Hello,I'd like to differenciate blogspot.com websites that contain adult content from others blogspot.com sites.I noticed that blogspot.com adult content sites redirect the requested url to a page for content acceptance.Is possible to block this behavior with a custom application ?

is it possible to make an aggregation of HA3 interface?

Hi there.I have a question relevant to Active-Active HA.This is example for a question. I must configure Active-Active HA With PA-5050 of 2.And external interface must aggregate with two or more interfaces to support 2G traffic. (Customer average traffic volume is a 1.2G.)At this time, I must aggregate with two or more interface for HA3 interfac...

willstech by L3 Networker
  • 2232 Views
  • 1 replies
  • 0 Likes
  • 24336 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks